Changeset 28678


Timestamp:
06/12/14 11:33:20 (2 years ago)
Author:
plg
Message:

bug 3089: prevent SQL injection on photo edition

File:
1 edited

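--- a/trunk/admin/picture_modify.php
+++ b/trunk/admin/picture_modify.php
@@ -156,4 +156,5 @@
   $_POST['associate'] = array();
 }
+check_input_parameter('associate', $_POST, true, PATTERN_ID);
 move_images_to_categories(array($_GET['image_id']), $_POST['associate']);
 
@@ -165,4 +166,5 @@
   $_POST['represent'] = array();
 }
+check_input_parameter('represent', $_POST, true, PATTERN_ID);
 
 $no_longer_thumbnail_for = array_diff($represented_albums, $_POST['represent']);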
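Review bot: `$_GET['image_id']` is passed to `move_images_to_categories()` on the line right after the new `associate` check, and nothing in the visible lines validates it. If it is not already checked earlier in picture_modify.php (outside these hunks), it needs the same treatment before first use, e.g. `check_input_parameter('image_id', $_GET, false, PATTERN_ID);`. The two added checks also protect only this caller: presumably the helpers that receive these arrays build their SQL from them, so any other call site stays exposed unless the ids are validated or cast to integers inside the helper as well. Both `if` blocks that default the arrays to `array()` begin above the visible context, so how a non-array `associate` or `represent` value is handled has to be confirmed there.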